FutureFive New Zealand logo
Consumer technology news from the future
Story image

Getting more Instagram followers? Could be a scam

By Shannon Williams
Wed 15 Mar 2017
FYI, this story is more than a year old

Cyber security firm ESET have discovered 13 new Instagram-credential-stealing apps that have been installed from the Google Play store by more than 1.5 million users worldwide.

ESET says the cybercriminals have been targeting Instagram users by luring them to install these apps, which claim to boost their Instagram followers.

Detected by ESET security products as Android/Spy.Inazigram, the applications harvest Instagram credentials and then send them to a remote server. To lure users into downloading them, the apps promise to rapidly increase the number of followers, likes and comments of a user’s Instagram account.

Figure 1 – The malicious apps on Google Play

According to ESET, the 13 malicious applications were discovered on the official Google Play store. They appear to have originated in Turkey, but some used English localisation to target Instagram users worldwide. Altogether, the malicious apps have been installed by up to 1.5 million users. Upon ESET’s notification, all 13 apps were removed from the store.

Apart from an opportunity to use compromised accounts for spreading spam and ads, there are also various “business models” in which the most valuable assets are followers, likes and comments. In their research, ESET analysts traced the servers to which the credentials were sent and connected these to websites selling various bundles of Instagram popularity boosters.

How does it work?

Once installed, each application had the same technique of stealing Instagram credentials from users and sending them to a remote server. Instagram followers, likes and comments are becoming highly sought after and profitable, so the apps lured users by promising them that they would rapidly increase the number of followers, likes and comments on their own Instagram account. Ironically, the compromised accounts were then used to raise follower counts of other users.

For one of these apps, “Instagram Followers”, the user needed to log in via an Instagram lookalike screen. The credentials entered were then sent to the attackers’ server in plain text. After having entered the credentials, the user would find it impossible to log in, as explained in an “incorrect password” error screen.

Furthermore, the error screen featured a note suggesting the user visit Instagram’s official website and verify their account in order to sign in to the third-party app. As the victims are notified about an unauthorised attempt to log in on their behalf and are prompted to verify their account as soon as they open the real Instagram app, the note aims to lower their suspicion in advance.

If the attackers are successful and the user doesn’t recognise the threat upon seeing Instagram’s notification, the stolen credentials can be put to further use.

 

Figure 2 – “Instagram Followers” promising to boost Instagram engagement

Figure 3 – Instagram login lookalike screen

Figure 4 – “Incorrect password” error preventing the user from logging in

Figure 5 – Official Instagram notification about unauthorized login attempt

How to know you’ve been infected and what to do

If you’ve downloaded one of these apps from Google Play, ESET says you will find it in your installed applications. You should also have seen a notice or email from Instagram saying someone is attempting to log into your account. Finally, your Instagram account will probably have gained an increased following and followers in a short amount of time and you’ll probably be getting replies to comments you never wrote.

You’ll need to uninstall all above mentioned apps in your application manager to clean your device. You can also let a mobile security solution remove the threats for you directly.

The next step is to secure your Instagram account. Make sure to change your Instagram password immediately and in case you’re using the same password on other platforms, change these as soon as possible as well. Malware authors are known to test stolen credentials across other services so it’s best practice to use a different password on each of your accounts.

“Social media apps like Instagram are very popular worldwide, and especially among the younger demographic,” says Nick FitzGerald, Senior Research Fellow at ESET

“Having a good following on Instagram can be important for some users, and many think the easiest and fastest way to do so is by buying them or looking for apps promising to maximize followers,” he explains.

“While these followers are fake accounts and this is not approved by Instagram’s guidelines, users then expose themselves to a greater risk of having their credentials and wider personal information stolen,” says FitzGerald.

“As a general guideline, users should be protecting their social media accounts whether accessing them from desktop or mobile.There are a few golden rules to remember when installing apps and protecting an account,” he says.

“Firstly, if you are installing a third-party app, do not insert your sensitive information into untrusted login forms. Secondly, do a quick check on the app popularity, ratings and reviews. Not all reviews can’t be trusted so if it looks dodgy, it probably is. Thirdly, enable two-factor authentication for stronger protection to your account and do not use the same password for all accounts.

“And finally, use a reputable mobile security solution to protect your device,” adds FitzGerald.

Figure: How the credential stealing works

Figure 6 – Websites selling Instagram followers

Related stories
Top stories
Story image
PaaS
New digital traffic light system to tackle construction defects
Smarter Defects Management launches its PaaS digital system and says it will revolutionise managing defects in the construction industry.
Story image
Microsoft
Microsoft backing Māori and Pacific wāhine in tech industry
A new initiative focused on getting Māori and Pacific wāhine into the tech industry and backed by Microsoft, NZTech and the government is calling for tech companies to get involved.
Story image
Review
Hands-on review: MSI MPG Z690 Carbon WIFI motherboard
It’s all change with Intel’s 12th generation CPUs. We have a new chipset in the 600-series, a new socket with the LGA 1700, and new DDR5 memory.
Story image
Gaming
Mastercard users can now use rewards points in gaming
Mastercard has launched Mastercard Gamer Xchange (MGX), allowing APAC consumers to convert their rewards points into gaming currency.
Story image
Jabra
Jabra reveals its latest portable headset Engage 55
Jabra has launched the Engage 55, the newest product in Jabra's Engage series designed for ultimate call security and quality.
Story image
Gaming
Game review: Tiny Tina’s Wonderlands (PC)
Tiny Tina’s Wonderlands is a spin-off that joins Borderlands, Borderlands 2, Borderlands 3, and Borderlands: The Pre-Sequel.
Story image
Review
Hands-on-review: Creative Outlier Air V3
Creative is back with the third version of its affordable Outlier Air wireless earbuds range - aptly named the ‘V3’. And this time, they come boasting ambient mode and active noise reduction.
Story image
Cybersecurity
Significant spike in consumer fraud, new report finds
Reported cases of consumer fraud more than tripled in the years 2020-2021 from prior years, according to a new report by Accenture.
Story image
Gaming
Game review: Weird West (PlayStation 4)
There have been many games released over the years based on the wild west era, but Weird West is one of the most unique.
Story image
Sustainability
The AI Forum helps NZ pave the way with AI sustainability practices
Non-profit organisation The AI Forum is helping Kiwis learn about addressing climate change issues through the use of AI technology.
Story image
Wireless
Hands-on review: Technics EAH-A800 Noise Cancelling Wireless Headphones
Designed in Osaka, Japan, these headphones just exude quality. They aren’t heavy, but they feel well built and solid.
Story image
Norton
Hands-on review: Norton Anti Track 19 software
We get hands on with Norton's new privacy tool that was introduced in March 2022.
Story image
Malware
Vulnerabilities in Lenovo laptops expose users to UEFI malware
Researchers at ESET have discovered three vulnerabilities affecting various Lenovo consumer laptop models.
Story image
i-PRO
i-Pro announces newest solutions as rebranded enterprise
i-PRO APAC Oceania has introduced its newest high-resolution mid-range cameras, with combined edge AI analytics and resolutions of up to 4K.
Story image
Microsoft
Microsoft unveils adaptive accessories for disability access
Microsoft is introducing an expansive Inclusive Tech Lab to give people with disabilities greater access to technology through new software features and adaptive accessories.
Story image
Jabra
Hands-on review: Jabra GN PanaCast 20 webcam
We get our hands on a Danish-designed high end webcam that has some rather unique artificial intelligence (AI) features.
Story image
Design
Dynabook launches new Tecra A40-K and A50-K models
Dynabook has announced two new additions to its Tecra range, with both said to help promote flexible working solutions while also reducing the strain on IT managers.
Story image
E-waste
NZ’s first and only e-waste sorting machine launched
Computer Recycling launches e-waste shredder and MSS optical sorting machine BLUBOX, which is able to sort out a tonne of e-waste per hour
Story image
Dynabook
Dynabook A/NZ announces new Portégé X40L-K hyperlight laptop
Dynabook A/NZ has unveiled the all-new Portégé X40L-K, a hyperlight 14.0" modern laptop utilising cutting-edge, high-performance computing power.
Story image
Online shopping
A/NZ shoppers plan to spend less, be more selective
For retailers, 2022 is set to be a year of introspection as shoppers across Australia and New Zealand indicate they plan to spend less.
Story image
Gaming
Game review: MLB The Show 22 (PS5)
Historically the MLB The Show series has been exclusive to PlayStation consoles, but now the franchise is expanding.
Story image
Corsair
Hands-on review: Corsair 32GB Vengeance 5200MHz DDR5 DRAM kit
Corsair’s Vengeance 5200MHz DDR5 DRAM offers PC users an entry-level upgrade to the new memory standard allowing them to get a little bit more out of their new Alder Lake CPUs.
Story image
Gaming
Study reveals Minecraft the hardest mobile game ever
According to a study by Mozillion, Minecraft: Pocket Edition tops the list as both the most searched for game and the one players need help with and try to cheat the most.
Story image
Gaming
Game review: Lego Star Wars: The Skywalker Saga (Xbox Series X)
The Lego Star Wars games have always been popular with both kids and adults as they are a cute way to relive the famous movies.
Story image
Gaming
Hands-on review: Intel Core i7-12700 CPU
Intel’s middle-of-the-road 12th generation Core i7-12700 offers performance at a lower price than the pricey Core i9 for users that are not fussed by overclocking.
Story image
NFT
Emirates to launch NFTs and experiences in the metaverse
"Emirates has embraced advanced technologies to improve business processes, enhance our customer offering, and enrich our employees' skills and experiences."
Story image
Sustainability
Can bots succeed where humans have failed in sustainability?
People want businesses to turn talk into action, and believe technology can help businesses succeed where people have failed.  
Story image
Review
Hands-on review: Amazon Kindle Paperwhite Signature Edition
In almost every respect it works like a book, apart from the fact that it weighs next to nothing, fits in my hand perfectly, and is soothing on my eyes.
Story image
Logitech
Logitech releases new mouse with ergonomic and sustainable focus
Logitech has announced the Logitech Signature M650 Mouse and the Signature M650 for Business Wireless Mouse, both with new ergonomic features and capabilities.
Story image
Review
Hands-on-review: GoPro Hero 10
I have a long history with GoPro; I still remember getting my first camera when I was 16, using it to film Parkour and the day I lost it down a dingey crag. 
Story image
Wireless
Sony to bring new 1000X series WH-1000XM5 headphones to the market
Sony has announced the newest edition of its award-winning wireless headphones, with the 1000X series WH-1000XM5 noise-cancelling model.
Story image
Music
Hands-on review: JBL Partybox 110 Bluetooth speaker
My first review in a long time is sure to create a lot of noise, if the experience in my household has been anything to go by.
Story image
Poly
Poly introduces new smart devices and announces Amazon e-store in Australia
Poly is introducing two new pro-grade devices to the market and announcing its first official Australian e-store on Amazon.
Story image
Mobility
Hands-on review: STM laptop bags
The advent of hybrid working has meant we need laptop bags. We got our hands on two of the most popular laptop bags from STM.
Story image
Wireless
Hands-on review: Steelseries Aerox 9 Wireless and Aerox 5 gaming mice
Steelseries offered two interesting mice for review, the Aerox 9 Wireless, aimed at MMO/MOBA players, and the Aerox 5, a wired mouse for multi-genre use.
Story image
D-Link
D-Link launches new G415 Smart Router as part of EAGLE PRO AI range
D-Link A/NZ has announced the launch of its new G415 AX1500 4G Smart Router as part of the new EAGLE PRO AI Series.
Story image
IDC
IDC finds 3.9% decline in worldwide tablet shipments
Preliminary data from IDC's Worldwide Quarterly Personal Computing Device Tracker has found tablet shipments reached 38.4 million units during Q1 2022, a year-over-year decline of 3.9%.
Story image
Collaboration
TikTok launches community-inspired effect capability
TikTok has announced the launch of its Effect House feature to allow its users to create and share Community Effects.
Story image
Cybersecurity
Russian, Ukraine-themed war lure of choice for cyber espionage
Russian and Ukraine-themed war documents have become the lure of choice for cyber espionage, according to a new analysis from Check Point Research.
Story image
Gaming
Hands-on review: 32GB PNY XLR8 Gaming MAKO 6000MHz DDR5 memory kit
PNY’s XLR8 Gaming MAKO DDR5 memory modules are designed to get the most out of systems based on Intel’s 12th generation Alder Lake CPUs.
Story image
Artificial Intelligence
Google to enter the smartwatch market with the Google Pixel Watch
Google has provided a first look at its new Google Pixel Watch, which is set to make an entry into the competitive smartwatch market.
Story image
Gaming
Hands-on review: The A500 Mini Retro Gaming Console
Retro Games, the UK outfit responsible for a range of retro gaming devices from joystick to full-sized Vic-20s and C64 emulators, have launched their A500 Mini Retro Gaming Console.
Story image
Artificial Intelligence
Tell-tale hints before volcanic eruptions found using AI
Researchers have pinpointed precursors to volcanic eruptions, in data collected before explosions including the deadly 2019 Whakaari surge that killed 22 people.
Booster
Booster Innovation Fund. A fund of Kiwi ingenuity – for Kiwi investors.
Link image